Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netscaler vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2018-6186
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
Citrix Netscaler 12.0
383
VMScore
CVE-2007-6192
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote malicious users to obtain cleartext credentials when a cookie is captured via a known-plaintext attac...
Citrix Netscaler 8.0
445
VMScore
CVE-2007-6193
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote malicious users to obtain sensitive network configuration information if this address is not the same as the address being used by the...
Citrix Netscaler 8.0
685
VMScore
CVE-2015-2838
Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler prior to 10.5 build 52.3nc allows remote malicious users to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_nam...
Citrix Netscaler 10.5
1 EDB exploit
383
VMScore
CVE-2015-2839
The Nitro API in Citrix NetScaler prior to 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/x...
Citrix Netscaler 10.5
383
VMScore
CVE-2015-2840
Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler prior to 10.5 build 52.3nc allows remote malicious users to inject arbitrary web script or HTML via the searchQuery parameter.
Citrix Netscaler 10.5
312
VMScore
CVE-2018-18517
Citrix NetScaler Gateway 10.5.x prior to 10.5.69.003, 11.1.x prior to 11.1.59.004, 12.0.x prior to 12.0.58.7, and 12.1.x prior to 12.1.49.1 has XSS.
Citrix Netscaler Gateway Firmware
1000
VMScore
CVE-2017-6316
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote malicious users to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
Citrix Netscaler Sd-wan
2 EDB exploits
383
VMScore
CVE-2016-4945
Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote malicious users to inject arbitrary web script or HTML via the NSC_TMAC cookie.
Citrix Netscaler Gateway 11.0 Firmware
435
VMScore
CVE-2007-6037
Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote malicious users to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.
Citrix Netscaler 8.0 Build 47.8
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »